Posts by Alexander Hanff

NebuAd rise from the ashes in the UK

NebuAd may have shut down in the US but in the UK they have rebranded and are about to relaunch as Insight Ready Ltd.

This looks to have been planned for some time as NebuAd first registered insightready.co.uk last summer and were promoting the Insight brand last autumn. Paul Goad appears to be the CEO of Insight Ready Ltd. (NebuAd's former UK Managing Director) and it looks like NebuAd's Commercial Director, Tony Evans, seems also to be involved.

See https://nodpi.org/2009/05/19/nebuad-pull-a-fast-one/ for more details.

@mike2r

No it isn't, it is trying to force companies to behave ethically and respect the rights of individuals. Another reason why this is not suitable to try and enforce on browsers is because a browser cannot possibly tell people what the cookies for each site are for so how is a customer supposed to give or deny informed consent on a per site basis?

It makes far more sense for web sites to filter based on geofilters (given they are making money out of the data) than it does to try and force browsers to do it (which make no direct revenue out of the data, they merely give people the means to access web sites).

This is -not- a browser issue, it is a commercial behaviour issue which needs to be addressed at the core level as I stated before. And what about LSOs (Flash cookies), are they supposed to be controlled by the browser too?

@mike2R

Because browsers are not limited to an EU market, in fact most of them are developed outside of the EU. A browser company is unlikely to want to be forced into something by foreign laws.

Plus it leaves a lot of holes in the net for rogue companies to manipulate. If people get annoyed with clicking an option in their browser to allow cookies by default, it will apply for -all- cookies even though it is unlikely that people will be happy to have all cookies allowed. The legislation needs to impact the source of the problem, which is the web sites themselves instead of passing responsibilities off to 3rd parties which are certainly not the responsible parties.

Privacy is a right not a convenience (or inconvenience depending on your view) so if companies have to throw a couple of hours work at becoming privacy compliant that is their problem to resolve not the browsers.

@ Eddie Edwards

Furthermore, when was the last time a large company wanted to know what a law means so they could comply with it? In the real world, companies only want to know what the laws mean so they can find loopholes which allow them to circumvent compliance.

In principle the arguments regarding cookies in the Directive are very good, they give weight to consumer choice over commercial interests, that is a very positive step. Defining what is essential and what is not would be useful but it certainly doesn't warrant a knee jerk reaction against the spirit of the directive.

@Eddie Edwards

I should have typed all these in 1 comment but never mind.

Your reference to IR35 in the last part of your comment is incoherent. Quite obviously it is very easy to determine whether or not you are compliant on the cookie issue, simply don't set any cookies until the user indicates consent, problem solved.

I suspect that definitions of essential cookies will be either included in notes for the directive or will be left to member states to define within their own legislation.

The answer from my side of the fence (pro privacy) is that essential cookies might include login and site preference cookies (including compliance with the Disability Discrimination Act). Whereas advertising/marketing, 3rd party and tracking cookies are not essential.

Do I think people should be asked permission before Google Analytics, Audience Science, Shopping Cart deletion (as per examples in the article) are permitted? Yes of course I do.

Instead of whining

Why don't Out-Law attempt to come up with a solution to the abuse of cookies by unethical advertising industry practices which track users online?

Mind you I don't know why you are concerned, given the level of regulatory capture which currently exists in the UK and the historical evidence illustrating a complete lack of enforcement by the relevant bodies; it is highly unlikely any such changes or interpretations of EU Directives will impact the technology industry in the UK, which is rapidly becoming a safe haven for unethical business practices. And let's face it, many of the organisations responsible for such disgusting behaviour probably have Pinsent Masons (yes Out-Law.com) on retainer.

Anyone who can't see an obvious conflict of interests with this article would have to be incredibly short sighted.

Let's clarify this

1. The only reason the ICO were able to take enforcement action is because the company running the database was not registered with the ICO as controlling personal data. That is the only criminal offense which took place here - if they had registered themselves with ICO at a cost of £35 a year then they would have avoided this prosecution.

2. David Smith, deputy Information Commissioner himself stated last Saturday on a panel at the Convention on Modern Liberty that ICO have NO enforcement powers under DPA when it comes to registered institutions/corporations.

3. David Smith, deputy Information Commissioner himself stated last Saturday on a panel at the Convention on Modern Liberty that the ICO registration fee was a TAX on businesses and contributes to the ICO's annual budget.

So there you have it, for a fee of £35 per year any company or organisation can basically do whatever the hell they like with personal data. They might get told off by the ICO if they break the DPA but they certainly won't be prosecuted.

With reference to points 2 and 3 above watch the video yourself to see him saying those things, it is available here:

It is the second video (the Q&A panel) which contains the relevant statements - readers might also be interested in the deputy information commissioner's statement that ICO don't need to take action against Phorm because the public are doing such a good job of it. Oh and also that people in the UK don't have a right to privacy, only a right that others respect their privacy... the guy is a complete idiot in my book.

Gillick's Competence

To my knowledge the only case law in England which covers child consent is Gillick's Competence and is only applicable to medical treatment. My understanding is that in other cases not relating to medical treatment age of consent should be accepted as being 16 or above.

Charged under the DPA?

So exactly how is this Dr being charged under the DPA? For the past year the ICO have been telling members of the public that they have no powers to take DPA breaches to court and that the only option for court is a private civil prosecution where "damage" must be proved in order for a case to stand a chance.

So it is interesting to see that when the rich and famous get their data abused suddenly the ICO are taking criminal action?

There is not enough info in the article to determine exactly what action is being taken and how - I would be very interested to find out.

erm...

The outside lane of a motorway is NOT the "fast lane" go read your highway code.

Secondly, if the peer had been paying DUE CARE AND ATTENTION to the road he should have been able to avoid hitting the stationary vehicle - it is not like the incident happened right in front of him and of course this is why we have SAFE STOPPING DISTANCES so even if it had happened right in front of him he would still have no excuse.

If people stopped speeding and stopped driving up each other's arses the vast majority of RTAs would never happen - I have seen some appalling behaviour by other drivers both on the motorway and off (including the police and other public sector workers).

NUBS 2

When I worked on the development of National Unemployment Benefit System 2 back in the early 90s (a project run and delivered by ITSA - Information Technology Service Agency which was a government department not an external corporation) backup and redundancy were paramount. The entire system had 4 sites around the country for redundancy and it would require all 4 of the sites to go down at once for the system to fail.

Sadly the site where I used to work is now occupied by EDS and it seems redundancy has become a thing of the past for government IT systems. NUBS2 was by no means perfect and was replaced by Jobseeker's Allowance, but it seems to me that things back then (when they were run by civil servants) made a lot more sense from a development perspective than they do now.

two words

Phorm legal team

In other news it would appear that Phorm have also replaced their legal team. David Pester is no longer listed as Legal Counsel on Phorm’s web site and appears to have been replaced by Sharon O’Leary and furthermore Teresa Marrero (who used to be listed as VP Commercial Law on Phorm’s web site) has apparently disappeared too.

Phorm have done a good job of keeping the news about their legal team quiet (presumably they are not required to announce such changes under AIM rules) and I am not one to speculate (OK maybe a little) but one can only assume that things are not as rosy as recent press articles may lead you to believe.

Criminal Breaches

From my research of the relevant laws, the penalties should this go to trial and BT/Phorm are found guilty are custodial and a fine; if each count is penalised according to the legislation then we are looking at literally millions of years in jail with unlimited fines.

Of course it would be naive to believe that the court would impose maximum penalties for all counts, but I would expect at least the fine to be substantial and there would be no justification for not issuing a custodial sentence for the 5 years in accordance with the same legislation.

I made complaints under Computer Misuse Act (custodial and fines), RIPA (custodial and fines) and criminal Copyright violations under Copyright, Designs and Patents Act. So really the only acceptable outcome is for whoever was responsible for letting this happen to either go to jail or at least get a suspended sentence. The fine, should this be tried at the Crown Court or higher, is unlimited according to the law.

@MIchaelG - What are you smoking?

RIPA does NOT only apply to public authorities, it also applies to private individuals and companies; I suggest you actually read RIPA before commenting about it and maybe look at the existing case law.

Don't use the exclusion email address you are playing into their hands

The law states that the system has to be Opt In and the exclusion email address is Opt Out. Do NOT use the email address. Add the terms and conditions which have been drafted by Nicholas Bohm and can be found on https://nodpi.org

The Home Office stated that there MIGHT be a case of implied consent ONLY IF there are not explicit terms denying consent. By adding the terms you are complying with the Home Office's advice (even though they state that their advice is not legal advice and just an opinion.)

BBC ignores invasion of privacy

What we need to remember

The case was handed to a Detective Inspector in CID who confessed having little to no understanding of technology and who originally stated that only Public Authorities fall under the jurisdiction of RIPA.

I am considering filing for a Judicial Review on the grounds that the officer in charge of the case was not "qualified" to manage it by his own admission and that the case should have been dealt with by a team of technical experts.

The fact that I handed the police a very comprehensive complaint outlining which laws I felt had been broken, citing the relevant sections of those laws, directly referencing which sections of the BT internal report provided evidence of the breaches; yet still DS Murray asked me to come up with some questions he could ask BT at the meeting he had with them on Sept. 2nd.

As Mr Nicholas Bohm has been quoted in Chris' article I fail to understand how no criminal intent existed since the intent of the trials was specifically to intercept and modify their customers' communications; which is a criminal act. They did not accidentally intercept and modify those communications - the entire purpose of the trials was to do exactly that.

re: Address?

Get out your pens

Could everyone please put pen to paper (not fingers to keyboard) and write Commissioner Viviane Reding a letter applauding the news and reiterating your concerns over the Phorm issues (including the trials and future deployments of the technology). It is critical that we now make sure Commissioner Reding discovers just how much of a public issue this is, and that it is not just a few geeks complaining.

If everyone writes to her office, she will have no reason to doubt the seriousness of this case and will hopefully pursue the issue accordingly. This is a great opportunity to bypass the regulatory capture currently being demonstrated by ICO.

Call to Action

I would like to take this opportunity to encourage everyone to attend the protest, it is set to be a very interesting day. I am in the process of organising guest speakers to give presentations during the lunch time period outside the Barbican.

We plan to start at 10am to catch shareholders on their way into the AGM, then after the speeches we are heading down to BT's HQ where the protest will continue.

Throughout the day a petition calling for action from the Metropolitan Police with regards to the covert trials in 2006/2007, will be available for people to sign and will be presented to the Met at the end of the day along with the case file.

This is a very important issue not just because of the illegal trials of 2006/2007 but also in light of the current Net Neutrality debate, the mission creep possible with this DPI technology is very sinister in light of that debate as well as regards to privacy issues.

Finally, I would like to thank Chris once again for his dedication to this issue over the past 3 months.

re: Since when

Re: Silliness

You seem to be forgetting one important fact here. The UK are already the 4th most monitored country in the world. They are doing a fine job in building a surveillance society; they have no need of Phorm.

Silliness

Can the rampant crazies please stop the nonsense about "The government want Phorm so they can spy on us", believe me, if the government want to spy on you they don't need Phorm and never will, so stop being so bloody stupid.

Secondly, Kent (my vowels almost get mixed up every time I utter that name). My personal experience with him after attending a recording session for BBC "Click" with him is that he behaves like a spoilt child. He was rude to the BBC (turned up 30 minutes late and then refused to answer their questions with anything other than his usual rubbish about "Google is evil blah blah blah" irrespective of the question being asked) and he was way beyond rude to me resorting to personal attacks and insults.

It doesn't surprise me in the slightest that he has now made a personal attack on FIPR as the man simply has no class. I would be worried too if my share price had dropped over 60% in 2 months and government advisory groups were calling my business model illegal.

Incidentally, you can see the BBC "Click" episode on 3rd/4th May at 11:30am on BBC News 24.